Organizations are facing increasing risks and threats from various causes, including, for example, fraud, unauthorized access to systems, and insider threats. Current organizational attempts to identify and eliminate these risks/threats are ineffective and/or are difficult to understand and implement. There is no current way to document, communicate and implement how controls are managed across the organization and manage controls and their associated metrics efficiently and effectively.
Thus, there is a need for a transparent (i.e. easy to understand) and actionable risk/reward approach for organizational processes, controls, training and development and a tool for managing the interaction among various organizational areas, resources and data stores for efficient and effective control and metric creation, definition, implementation, management, and evaluation.